* [ci] Add debian-12 to matrix in packaging and platform jobs (#116172)
Lintian test has been changed to parse the result instead of using exit
code. This was required, because now `mismatched-override` is
non-erasable tag which cannot be ignored for exit code.
Lintian introduced non-backward-compatible format change for overrides
file. Because of that, some overrides are now duplicated in a format for
older versions.
Additionally, Lintian overrides file has been cleaned up to remove the
tags which are no longer failing.
(cherry picked from commit 2ac267de3a)
# Conflicts:
# distribution/packages/src/deb/lintian/elasticsearch
# qa/os/src/test/java/org/elasticsearch/packaging/util/LintianResultParser.java
# qa/packaging/src/test/java/org/elasticsearch/packaging/test/DebMetadataTests.java
* Spotless fix
Backports #110222 to 7.17.
JDK 23 removes the COMPAT locale provider, leaving CLDR as the only option. This commit configures Elasticsearch
to use the CLDR provider when on JDK 23, but still use the existing COMPAT provider when on JDK 22 and below.
This causes some differences in locale behaviour; this also adapts various tests to still work whether run on COMPAT or CLDR.
The `systemd-sysv-install` utility is now provided by the
`systemd-sysvcompat` package. Ensure it's installed when running
packaging tests.
Closes#109831
Fix incompatibility with 8.8 and our internal api usages
- Update ospackage to a version that contains a fix we provided
- Tweak build logic to avoid deprecation warnings
- Use newer permission api
- Use custom shadowplugin
- Rework ElasticsearchDistribution dependencies resolution
- Update Gradle wrapper to 8.8
- Fix one more deprecated permission api usage
- Fix DistroTest dependencies
- Fix permissions in package init.d folder
* Update bundled JDK to Java 22 (again) (#108654)
This commit re-bumps the bundled JDK to Java 22 now that we have
a tested workaround for the G1GC bug
(https://bugs.openjdk.org/browse/JDK-8329528).
relates #108571
relates #106987
* copy main openjdk toolchain resolver
* use 2 lines for workaround
* fix test
* update adoptium test
This supports local testing. It should not be included in
hardening_manifest.yml, which injects the scope at runtime.
# Conflicts:
# distribution/docker/src/docker/Dockerfile
Co-authored-by: Jon <jon@elastic.co>
* Update gradle wrapper to 8.3 (#97838)
Gradle now fully supports compiling, testing and running on Java 20.
Among other general performance improvements this release introduces --test-dry-run command line option that allows checking if tests are filtered or not by gradle.
Required updating nebula ospackage plugin as setuid was broken in gradle 8.3.
(cherry picked from commit b23e000c30)
# Conflicts:
# build-tools-internal/src/integTest/groovy/org/elasticsearch/gradle/internal/test/rest/LegacyYamlRestCompatTestPluginFuncTest.groovy
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/ElasticsearchJavaModulePathPlugin.java
# build-tools-internal/src/main/java/org/elasticsearch/gradle/internal/test/rest/compat/compat/AbstractYamlRestCompatTestPlugin.java
# build-tools-internal/src/main/resources/minimumGradleVersion
# gradle/verification-metadata.xml
# gradle/wrapper/gradle-wrapper.jar
# gradlew
# x-pack/plugin/watcher/qa/with-monitoring/src/javaRestTest/java/org/elasticsearch/smoketest/MonitoringWithWatcherRestIT.java
* [7.17] Use patched nebula os package gradle plugin
* Update testingconvention precommit integ test
* Update Gradle Wrapper to 8.2 (#96686)
- Convention usage has been deprecated and was fixed in our build files
- Fix test dependencies and deprecation
* Migrate core rest tests with security to new testing framework (#92575)
# Conflicts:
# x-pack/qa/core-rest-tests-with-security/build.gradle
* Fixes
* More fixes
* More fixes
* More more fixes
This commit adds a new test framework for configuring and orchestrating
test clusters for both Java and YAML REST testing. This will eventually
replace the existing "test-clusters" Gradle plugin and the build-time
cluster orchestration.
Backports the following commits to 7.17:
- Add verification metadata for dependencies (#88814)
- Add missing dependency verification checksums (#89139)
Closes#88218.
Docker image scans have flagged up the `USER` that the UBI Docker image
runs with. Switch to `elasticsearch:root`, which is what the Iron Bank
image also uses, and is what we use for all images from
8.0 onwards.
The class PluginInfo represents the plugin-descriptor.properties file
that each plugin must have. This commit renames the class to more
closely match what it represents: the plugin descriptor.
Elasticsearch uses Apache procrun (part of the commons-daemon project)
to launching as a service on Windows. This commit adds attribution for
the project by including license and notice files. These were missed in
the past because the dependency is just two binary exes that are
embedded in the elasticseach codebase.
* Fix edge case where user-defined heap settings are ignored (#86438)
It turns out if you specify an odd heap size (not a multiple of 4MB)
then the JVM will automatically round up to the nearest multiple and
this changes how the output of +PrintFinalFlags is reported. This
resulted in us incorrectly considering these settings to be JVM defaults
instead of user-defined and thus falling back to auto heap sizing
rather that using the user-defined value.
* Update refernces to List.of
* Use stdlib
Closes#82433. If the environment variable `RESTART_ON_UPGRADE` is true,
then ensure that we delay restarting Elasticseach until after the
keystore is upgraded, or else we can run into permissions problems.
As a result of changing the base Docker to Ubuntu in #80820, the default shell
i.e. `/bin/sh` changed to `dash`, rather than `bash`, which could impact anyone
invoking `/bin/sh` and expecting it to still propagate environment variables with
periods in their names.
Reconfigure the default shell back to `bash` so that this type of situation works
again.
Apply suggestions from Docker Inc about how to update the `cacerts` in
our Ubuntu-based Docker image. Instead of copying around files and
symlinking, instead install `ca-certificates` and `p11-kit`, and use the
latter to regenerate Java's `cacerts`, as well as ensuring it is
regenerated if the system ca certs are updated.
This commit emits the value of x-elastic-product-origin header into elasticsearch.elastic_product_origin field in ES deprecation logs and indexed deprecation logs.
x-elastic-product-origin header is intended to identify the elastic stack origin and allow to ignore deprecations emitted by the stack.
ES v7 logging differs from v8 as it creates the JSON layout on its own. The additional custom field have to be declared in log4j.properties and ECSLayout used for indexing deprecated logs also has to be updated
backports #81381
